#!/bin/bash
# Prepares Samba on this host and joins it to an Active Directory domain.
# This first part sets up paths, retires a stock standalone smb.conf, loads
# the omix debconf helpers and stops early when the host is already joined.
set -e
# Keep tracing off outside of debugging: the join step later in this script
# puts the administrator password on a command line, and `set -x` would copy
# it into the trace output.
#set -x

# Directory layout; kept as plain globals because the sourced library below
# runs in this shell and may read them.
sdir="/usr/share/omix"
ldir="/var/lib/omix"
vdir="/etc/omix"
ddir="/usr/share/doc/omix-files"

bak="--backup=numbered"

# A config that still declares the standalone role is moved aside (with
# numbered backups of any previous .dpkg-old) rather than deleted.
if [ -f /etc/samba/smb.conf ] \
  && grep -q "server role = standalone server" /etc/samba/smb.conf; then
  mv "$bak" /etc/samba/smb.conf /etc/samba/smb.conf.dpkg-old
fi
. /usr/share/omix/debconflib

# Nothing to do when a config exists and the existing join still validates.
if [ -f /etc/samba/smb.conf ] && net ads testjoin -k >/dev/null 2>&1; then
  exit
fi
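# Cleanup before a fresh join: stop the Samba daemons and keep nmbd from
# being started again.
systemctl stop smbd nmbd winbind
systemctl mask nmbd

# Point /etc/samba at the omix-managed configuration. -f replaces whatever
# file of the same name is already there.
ln -sf -t /etc/samba "$ldir/smb.conf" "$ldir/smb-share-defaults.conf"

# Remove Samba's .tdb/.ldb databases so the join starts from clean state.
# The class is [tl]: the previous [t,l] also matched a literal comma.
# NOTE(review): this includes everything under private/, which is where
# Samba normally keeps machine-account secrets - confirm that discarding
# them on every run that reaches this point is intended.
rm -f /var/run/samba/*.[tl]db \
    /var/lib/samba/*.[tl]db \
    /var/lib/samba/private/*.[tl]db \
    /var/cache/samba/*.[tl]db \
    /var/cache/samba/printing/*.[tl]db

# One-time setup: raise the open-file limit, but never overwrite an
# existing limits file.
if [ ! -f /etc/security/limits.d/samba.conf ]; then
  cat >/etc/security/limits.d/samba.conf <<EOF
* - nofile 16384
root - nofile 16384
EOF
fi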
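# Derive the Kerberos realm and the workgroup from this host's DNS domain.
# Both values are written into config files below, so stop here instead of
# generating files with empty settings when the domain cannot be determined.
domain=$(hostname -d)
if [ -z "$domain" ]; then
  echo "cannot determine the DNS domain of this host (hostname -d is empty)" >&2
  exit 1
fi
realm=$(printf '%s\n' "$domain" | tr '[:lower:]' '[:upper:]')
# Drop the last DNS label, then keep the last label of what remains
# (e.g. ad.example.com yields "example"). A single-label domain yields an
# empty string, which is rejected below.
# NOTE(review): confirm this label really is the domain's NetBIOS name.
wkg=$(printf '%s\n' "$domain" | sed 's/.[^.]*$//; s/^.*\.//')
if [ -z "$wkg" ]; then
  echo "cannot derive a workgroup from DNS domain '$domain'" >&2
  exit 1
fi

# An existing domain.conf is treated as administrator-owned and left alone.
if [[ ! -e /etc/samba/domain.conf ]]; then
  cat >/etc/samba/domain.conf <<EOF
  workgroup = $wkg
  realm = $realm
# idmap config for domain $domain
  idmap config $wkg:backend = rid
  idmap config $wkg:range = 10000-99999
EOF
fi

# NOTE(review): unlike domain.conf, /etc/krb5.conf is rewritten on every
# run with no backup, so site-specific Kerberos settings (extra realms,
# hardening options) are lost. Consider keeping a copy first.
# KDCs are located via DNS (dns_lookup_kdc = true), so the join trusts the
# resolver configured on this host.
cat >/etc/krb5.conf <<EOF
[libdefaults]
    default_realm = $realm
    dns_lookup_realm = false
    dns_lookup_kdc = true
EOF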

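# Add winbind as a source for the passwd and group databases. Lines that
# already mention winbind are skipped, so re-running does not duplicate it.
# The alternation is grouped and anchored: the earlier pattern
# /^passwd:|group:/ matched "group:" anywhere in a line and therefore also
# edited the "netgroup:" entry.
sed -i -E \
  -e '/winbind/b' \
  -e '/^(passwd|group):/s/$/ winbind/' \
  /etc/nsswitch.conf
# Project helper; what it generates is not visible from this script.
/usr/share/omix/mkconf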

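# getpasswd comes from the sourced debconflib; it is presumably what sets
# $pass - verify against the library.
getpasswd high

# The credential is quoted so a password containing spaces or glob
# characters reaches net as a single, unmodified argument.
# NOTE(review): the password is still passed on the command line, where it
# is visible in the process list for the duration of the join and would be
# echoed by `set -x`. Samba's client tools document the PASSWD, PASSWD_FD
# and PASSWD_FILE environment variables for supplying it out of band;
# confirm the installed `net` honours them and prefer one of those.
net ads join -U "Administrator%${pass}"
systemctl start smbd winbind

# Give the BUILTIN\users group access to each top-level entry under
# /var/samba and close those entries to everyone else. Not recursive.
chgrp 'BUILTIN\users' /var/samba/*
chmod 770 /var/samba/*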

